Feat : Fuzzing #146
Feat : Fuzzing #146
Conversation
|
I was trying to enable fuzzing of https://github.com/sigstore/rekor ran into the tight coupling of the code and realized the ideal place to start is |
|
nice! thanks could this be leveraged as a github action as well? |
|
+1 to the concept - @cpanato do you think it makes to implement the same |
Yes, my thought process is crawl-walk-run. I wanted to get the initial set up done run ClusterFuzz lite as part of GitHub action for every PR and also probably as a corn job |
I agree that would be good. But can that be a refactor after this one is merged? |
naveensrinivasan
force-pushed
the
naveen/feat/refactor
branch
from
296f118
to
c175f7b
Compare
naveensrinivasan
force-pushed
the
naveen/feat/refactor
branch
from
c175f7b
to
1b6943d
Compare
| @@ -0,0 +1,2 @@ | |||
| -----BEGIN ----- | |||
There was a problem hiding this comment.
Put the initial corpus into the workdir/corpus directory (in our case examples/png/corpus). Go-fuzz will add own inputs to the corpus directory. Consider committing the generated inputs to your source control system, this will allow you to restart go-fuzz without losing previous work.
Source https://github.com/dvyukov/go-fuzz
https://github.com/dvyukov/go-fuzz-corpus/tree/master/pem/corpus
Enabling fuzzing for sigstore. The first steps into fuzzing Sigstore. The goal is to integrate this into oss-fuzz using libfuzzer https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/ and https://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
naveensrinivasan
force-pushed
the
naveen/feat/refactor
branch
from
1b6943d
to
979d458
Compare
|
@lukehinds @dlorenc Friendly ping. |
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Thanks! Merged the suggestion. |
will do and propose a PR, sorry for the delay to reply, missed this notification |
* Add support for COSIGN_REPOSITORY env var This env var will allow users to specify which repo they want cosign signatures stored in. Signed-off-by: Priya Wadhwa <priyawadhwa@google.com> * Add notes about COSIGN_REPOSITORY to README Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
Enabling fuzzing for sigstore.
The first steps into fuzzing Sigstore.
The goal is to integrate this into oss-fuzz using libfuzzer
https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/ and
https://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html
Signed-off-by: naveen 172697+naveensrinivasan@users.noreply.github.com